Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add possibility to permit specified targets only #195

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

lutra
Copy link

@lutra lutra commented Aug 28, 2019

Maybe the project should be named cors-somewhere then, but it can be used in production environment without the risk of having a proxy to sites I do not permit.

Define a regular expression to environment variable
CORSANYWHERE_TARGET_WHITELIST to permit access to targets only.
@coveralls
Copy link

Coverage Status

Coverage decreased (-1.3%) to 98.673% when pulling 86a5777 on lutra:master into 4814647 on Rob--W:master.

@@ -364,6 +365,12 @@ function getHandler(options, proxy) {
return;
}

if (corsAnywhere.checkTargetWhitelisted && !corsAnywhere.checkTargetWhitelisted(location)) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not the right place to enforce target restrictions, because it does not account for redirects.

I once started with a patch to limit targets, in #78, but never finished it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants